hxxps://bcdtravel[.]satmetrix[.]com/app/datacollection/survey/datacollection?p=MTYAAAAAAAAAALZfOhHoAhx0EbYhMNipJpnun%2B3IrEfSxb9R%2BulWN%2BtxZMUV1dhfqIGR%2BtpESdtsRUkNXBKnBo8BLRXPiBhWbdCIGQhiK5m9DT3IgrYxwc3GX6wt5%2Ff%2F58MIaNMbJLnjWw%3D%3D&id=574392067

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 09:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bcdtravel.satmetrix.com/app/datacollection/survey/datacollection?p=MTYAAAAAAAAAALZfOhHoAhx0EbYhMNipJpnun%2B3IrEfSxb9R%2BulWN%2BtxZMUV1dhfqIGR%2BtpESdtsRUkNXBKnBo8BLRXPiBhWbdCIGQhiK5m9DT3IgrYxwc3GX6wt5%2Ff%2F58MIaNMbJLnjWw%3D%3D&id=574392067

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133376874631004127"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3832	1428	chrome.exe	82
PID 1428 wrote to memory of 3832	1428	chrome.exe	82
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 2880	1428	chrome.exe	85
PID 1428 wrote to memory of 4168	1428	chrome.exe	84
PID 1428 wrote to memory of 4168	1428	chrome.exe	84
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86
PID 1428 wrote to memory of 4888	1428	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bcdtravel.satmetrix.com/app/datacollection/survey/datacollection?p=MTYAAAAAAAAAALZfOhHoAhx0EbYhMNipJpnun%2B3IrEfSxb9R%2BulWN%2BtxZMUV1dhfqIGR%2BtpESdtsRUkNXBKnBo8BLRXPiBhWbdCIGQhiK5m9DT3IgrYxwc3GX6wt5%2Ff%2F58MIaNMbJLnjWw%3D%3D&id=574392067
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe57ad9758,0x7ffe57ad9768,0x7ffe57ad9778
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 --field-trial-handle=1884,i,312495368928958330,2416181388885818157,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
d7d7720e2cc98b86159c0e3f468af35a

SHA1
c2e0c7d9fdef3c8d4065c0d390cbfafe8c3b9dd1

SHA256
0989577286d81f4f974d07778c5e5f358904bf25c3a075d2b33b9e7bfe638dc1

SHA512
5c948cbe0828894a6e1891a565a02f85676d9588d2547ad98809a47c1dce5b0141187ebeb05edb8dd3115ed9c2d7893d473b6bb0aa17c97833fbc089c117d05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
682c957b50107d2fa9b043e04ec02c01

SHA1
2a8ade4fbe8c3d852083e2a3fce1231a254f60eb

SHA256
87c7fd82b60e11a525534865e71188a4fbd1ce6995200088876f6833f370860d

SHA512
28ec0dde111bce57209014a31f6ec78ac6e6bd11b1fab7291531c0b7e1040cbdbe5bdb3a82f5fd77dc582dae3986dc6addc89c5bc9bf667272cede457a6d6e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
2b5ddc7990f6262408e2a93d4e7c6677

SHA1
11530426adaa8c654a53a7362353790fc79bfdf1

SHA256
19d3065d99fdc902cf14679c52d562b7bed53992e5d0508da1fad44436adeb55

SHA512
f530c412abf06049329e27654e91ca59cedb2d228f8709ee4f8815f39d3577bdfb15bf5043789a9f090884f578b5d59bf9b2ac309bd3ffccc1bb219386324d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
54675f7b54100fca01c349b2fafbd43a

SHA1
3b392872a6cfada0e1505e41fdd58cda5d9b90fb

SHA256
3836c23a834bfdb7178cf776f6d43098b0dcf0c6a19606185e6306cec896bdb4

SHA512
0509ef1cc750df62a7998542434042f6729d99540a37cf2a83ea76e180a65f7c1ef496fc32569112ceab3e557e72ec44cef2b0c2f8fdb8fff773c04a6f31e647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d2caf945a5b00617dc58e5bd22a862d

SHA1
5c750423b52431282e756019ed9f77be4d64b5a7

SHA256
c47c6f35c0cb50f19c3600c65e8ccaf63310b8e46b0975bfd2797f10ae849cb5

SHA512
e4be334bbb7c779ee09ca16db598d59c96acff6d3c19be0b66d2c2e8c9b0ff661217308575730f254094580b36ebb1854ec33a5db22824e997548832866a807c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c8bcb84ca27fb684f9eb6da3f6b5baa1

SHA1
e7e18436391191b19030ba7b15bd800ccae5d9a1

SHA256
3df9b4bc7234da0e43c12dfc899bfec6d3f42c0ff3552bd901bed629c4cc3261

SHA512
424d0850bfdc38678d29c1afa88d65b2c5620caf453a3f35aad8c3009ecdeb7c95dea78be86fe60a5a49eff1b1d49c6b2d03b687207abc2122eed94d6acf4082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit